If you are developing a #WebApp try to enable #CSP heders directly from the start. It is much easier to validate correct function everytime a feature is added and not at a later point if the app still works correclty.

That said: #angular made it easier to add CSP headers with a nonce https://angular.dev/best-practices/security#content-security-policy

I trust you with searching on how to configure your webserver and check CSPs with tools ;)

I found this refrence rather helpful: https://content-security-policy.com/

https://code-maze.com/aspnetcore-content-security-policy/ - building a #CSP (Content Security Policy) in #ASPnet. Nice walkthrough https://www.linkedin.com/in/rpmir1/.

Die Liebste und ich kauften gestern große Rucksäcke, um auf Reisen ohne Auto alles für uns und unsere Hunde mitnehmen zu können. Aktuell zeichne ich etwas zu Rucksäcken im Stream. Schaut gerne mal vorbei!

https://twitch.tv/herrklamauk

WIP

A while back I broke my #csp #tabmate - been looking far and wide for replacement part, a scroll wheel. Turned out that nothing I found could fit. Eventually - I designed it and #3dprint -ed it. Not yet ideal - but it works! Can use my tabmate again! #clipstudiopaint #fix #art #drawing #DigitalArt #MastoArt

13.06.2022

Old comms for kairotheleopard @ FurAffinity ! Thanks~

#WormsSocial Das die Umsetzung der Content Security Policy (#CSP) auch in den besten Familien mangelbehaftet sein kann, sieht man, wenn man https://digitalcourage.de als Referenz mit Hilfe von https://webbkoll.5july.net/ untersucht.
Auch habe ich den Eindruck, dass man sich hier insofern ein Ei legen kann, als dass man ggf. irgendwann später mal irgendwas zu integrieren versucht und es geht nicht und man kommt nicht drauf, dass man die eigene CSP ändern muss. Umsetzung per Code Snippet als Meta-Tag.

Higitus Figitus!

Aktuell auf Twitch: Artfight-Rache!

https://twitch.tv/herrklamauk

A while ago I filmed & wrote a tutorial on turning your photographs into art. Discussing overpainting techniques and best practices of combining painted art with photos. It was made for CSP, but the techniques are applicable to any art program!

https://dona.neocities.org/secret/tut_photoillo

Ergebnis des heutigen Streams: Meine erste Artfight-Rache!

Commission

For hiried @ FurAffinity ! Thanks~

27.05.2022

Old Comms for backwardsfurboi @ Twitter ! Thanks~

Aktueller Stand meines ersten "Angriffs" beim Artfight. Der Stream dazu war einfach nur toll. Danke an alle, die reingeschaut haben!

https://twitch.tv/herrklamauk

A strict-looking content security policy isn’t always a secure one.

During a recent engagement, we came across a policy that had all the right bits on paper including nonces, locked-down sources, and everything you'd expect.

But one missing directive "base-uri" was all it took to break it wide open.

By injecting a <base> tag, we redirected script loading to an attacker-controlled domain. XSS payload delivered. CSP bypassed.

CSPs need more than checkboxes. They need context, testing, and attention to the small stuff.

Here’s what went wrong and how to avoid it: https://www.pentestpartners.com/security-blog/csp-directives-base-ic-misconfigurations-with-big-consequences/

Concentrating solar power returns to the US, enclosed in a "greenhouse" to cut costs.

https://cleantechnica.com/2025/06/18/the-solar-energy-whack-a-mole-continues-coal-power-plants-keep-closing/

Is the US heading for a concentrating solar power revival? Maybe!

https://cleantechnica.com/2025/06/18/the-solar-energy-whack-a-mole-continues-coal-power-plants-keep-closing/

Using a content security policy with static assets in Blazor .NET 10

https://github.com/damienbod/BlazorSecurityNet10

https://www.europesays.com/fr/161072/ L’Allemagne et l’Espagne vont développer un drone dédié au ravitaillement en vol #Actualités #Airbus #allemagne #BundesrepublikDeutschland #CSP #DE #Deutschland #drone #DroneRavitailleur #Espagne #EU #europe #Germany #News #PESCO #RavitaillementEnVol #RépubliqueFédéraleD'Allemagne #SCAF #UE

Neu im Forum:

CSP Problem beim Bootstrap Package

https://t3forum.net/d/910-csp-problem-beim-bootstrap-package